{"componentChunkName":"component---src-templates-blog-list-template-js","path":"/133","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"excerpt":"In mid-January 2020, Marriott International suffered a new data breach which affected around 5.2 million guests. Marriott claims the…","fields":{"slug":"/identity/marriott-data-breach-2020/"},"html":"

In mid-January 2020, Marriott International suffered a new data breach which affected around 5.2 million guests.

\n

Marriott claims the security breach could have revealed 5.2 million guests 'personal details. This is the second data breach by Marriott in recent years following a breach in 2018.

\n

Marriott Data Breach 2020: When and How Did It Happen?

\n

The breach was identified at the end of February 2020 and dates back to mid-January 2020.

\n

Marriott says it discovered in late February that the network of an unspecified hotel chain had been hacked, and hackers who obtained the login credentials of two Marriott employees may have accessed the guest details. The firm has reason to believe the operation began as early as mid-January.

\n

The breach may have taken personal details such as names, birthdates, and telephone numbers, along with language preferences and loyalty account numbers. 

\n

Marriott stated, \"While our investigation is continuing, we currently have no reason to assume that the details involved included passwords or PINs for Marriott Bonvoy account, payment card details, passport information, national IDs or driver's license numbers.\"

\n

Adding to it, Marriott said it contacted guests whose details may have been taken via email and launched a website dedicated to those who were affected. The company offered the program for tracking the personal information of visitors whose details could have been compromised.

\n

The hotel giant announced another data breach in late 2018, which affected up to 500 million guests while staying at its subsidiary, Starwood, purchased by the company in 2016.

\n

It could be considered an honest mistake to suffer one data breach but to suffer two in less than two years looks like carelessness. There are some promising signs that the company has learned some valuable information security lessons in spite of how it may look to an outsider. From this experience, the entire hospitality industry should now know better.

\n

\n \n \n

\n

What does the Hotel Industry do to avoid data breaches like Marriott’s?

\n

1. Develop a Security-Centric Culture at the Top Level.
\nWhen the security of customer identities and profiles is priority number one. A security-centric mindset ensures a serious approach to customer data security. The approach should be top-down instead of bottom-up, with responsibility resting with the CEO and board.

\n

2. Stay ahead of the security curve.
\nIt’s okay to be cautious in adopting innovations, but when it comes to customer data security products, companies should be proactive, constantly reviewing and trying new developments to stay ahead of hackers.

\n

3. Make your security spend for customer data security unbudgeted.
\nInvest whatever it takes to protect sensitive customer data. Yes, stay within your financial metrics, but don’t cap the budget, because capping it means you’re compromising. Give the security team whatever they request to protect the brand. It’s not going to cost billions.

\n

4. Recognize that customer data security is not a cost center but a revenue center.
\nCompanies need to understand that customer data security is part of the revenue center, not the cost center. With better security, you are not only preventing breaches, but you are also building trust within your customer base to generate more revenue.

\n

Let’s hope that Marriott and its peers in the travel industry have learned that, while the security of customer accounts may not be their core business, it still needs to be priority number one.

\n

\n \n \n

\n","frontmatter":{"date":"April 13, 2020","updated_date":null,"description":"Marriott International experienced a new data breach in mid-January 2020, which affected about 5.2 million guests.","title":"Marriott Data Breach 2020: 5.2 Million Guest Records Were Stolen","tags":["other"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.408450704225352,"src":"/static/538e5de9de27f75302287fa525580589/c3e3a/marriott-data-breach.jpg","srcSet":"/static/538e5de9de27f75302287fa525580589/f836f/marriott-data-breach.jpg 200w,\n/static/538e5de9de27f75302287fa525580589/2244e/marriott-data-breach.jpg 400w,\n/static/538e5de9de27f75302287fa525580589/c3e3a/marriott-data-breach.jpg 769w","sizes":"(max-width: 769px) 100vw, 769px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},{"node":{"excerpt":"As the retail and e-commerce industry enters the new era of digitalization, customer experience while interacting with a brand has taken a…","fields":{"slug":"/identity/loginradius-ciam-retail-ecommerce-business/"},"html":"

As the retail and e-commerce industry enters the new era of digitalization, customer experience while interacting with a brand has taken a giant leap forward. It has in fact, pushed products and services as a secondary entity to the overall shopping experience. They are no longer the driving motivation for shoppers to approach a store.

\n

Today, customers want to remember how they were treated. And if retailers do it right, they won’t shy away from coming back over and over again.

\n

Therefore, amid the struggle among retailers to stand out, the power has shifted heavily in favor of customers. Today, retailers must be everywhere to make their customers feel unique.

\n

They should be able to identify their visitors and build personalized experiences around major touchpoints like product discovery, research, purchase, and beyond.

\n

No wonder customer identification has been playing a pivotal role in driving new-age marketing campaigns.

\n

What is Identity Management in the retail and e-commerce industry?

\n

Identity management in the retail and e-commerce industry is a seamless, secure, and scalable solution to identify and protect customer data and ensure that they can easily access any information they need.

\n

Traditionally, identity management solutions have been only about employee-centric internal security. In fact, they were designed to manage the identities of a limited number of users.

\n

Fast forward to today’s scenario – the idea of putting customer identity right in the middle of the retailer's business model is gradually picking up and turning heads.

\n

There are customer identity and access management providers available that generate automated customer profiles across multiple channels.

\n

As a result, customers enjoy on-time delivery of digital (and physical) goods and services, along with a few add-ons like:

\n\n

These are opportunities ready to be grabbed. But are retailers ready to fuse identity management into their workflow? If not, it is high time that they should.

\n

A world without an identity management solution will invite the following challenges.

\n
    \n
  1. Lack of omnichannel customer experience.
    2. \n
  2. Absence of customer identity.
    3. \n
  3. Data compliance and security flaws.
    4. \n
  4. Lack of role-based privileges.
    5. \n
  5. Unmanageable data duplicacy.
    6. \n
\n

Creating a Frictionless Customer Experience with LoginRadius

\n

Here’s a question. What will turn casual visitors into loyal customers?

\n

As a retailer, you need to understand the demographics of your customers and figure out their preferences. Adding a customer identity and access management (CIAM) solution to your business should do the trick. 

\n

Speaking of which, the LoginRadius identity solution provides a centralized, available, and secure identification and management of customers' data to retailers. 

\n

Among its solutions include the real-time ability for visitors to self-register for services, login and authenticate, and enjoy a single-source view.

\n

Retailers can manage customer profiles and provide a personalized omnichannel experience with consent and other preferences.

\n

\n \n \n

\n

Improving Registration and Login Options

\n

The identity management platform allows customers to register using the following registration options quickly:

\n

1. Smart Login: With this login option, a customer can log into a device that is neither a website or a mobile device. For example, if you want to authenticate your customers who are using an application on your smart TV, you can streamline the required authentication flow with this option.

\n

2. One-Touch Login: Passwords are dead. Customers need not remember passwords to login to an application or website anymore. Therefore, to remove further friction during login and avoid too many forgot password requests, retailers can use these login options:

\n\n

Getting Customer Data with Customer Consent

\n

The concept of progressive profiling is getting a lot of attention these days. So, what is it, and why do retailers need it?

\n

Progressive profiling is the method of collecting information about your customers using dynamic web forms throughout the purchase journey.

\n

Here's how this works. For example, you want some details from your customers to customize the end-user experience, or you want their consent to use some of your services, but you are afraid of losing them by asking to fill a long registration form. 

\n

\n \n \n

\n

Progressive profiling will do wonders here. For instance, when the customer has placed the first three orders, you can ask them to fill in a small questionnaire. They will more likely answer about their preferences at this stage rather than during the registration.

\n

Utilizing Shopper Insights

\n

One way to increase brand loyalty is by combining a 360-degree view of the customer demographics with their behavior and personal preferences. This helps retailers and e-commerce owners tweak the way they interact with their brands.

\n

All-in-all, centrally managing identities can primarily enhance the customer experience and build better relationships.

\n

Engaging and Attracting Customers

\n

LoginRadius simplifies the shopper registration process with social sign-in and single sign-on. 

\n

Social Sign-In: Customers tend to remember the credentials of their frequently used network. As such, social sign-in is the method of one-click authentication with a social media account. It reduces the hassles of the registration process and, thereby, helps a great deal in converting a random user to a value-added customer. 

\n

Single Sign-On: It means a customer can access multiple accounts with a single set of credentials. It offers ease of authentication and reduces the risk of minimizing poor password habits.

\n

\n \n \n

\n

Providing Customer Security

\n

The LoginRadius platform offers advanced frictionless security to enhance the customer experience in the retail and e-commerce industry. With features like data management and real-time fraud analysis, it prevents fraudulent access attempts.

\n

Privacy compliance is another critical aspect of LoginRadius. Some of the global standards that it abides by include the EU's GDPR and California's CCPA.

\n

Preventing Account Takeover (ATO)

\n

Account takeover (ATO) fraud prevention is growing popular especially in the retail, and ecommerce sector.

\n

Wondering what is it?

\n

ATO happens when a hacker, for example, steals saved card details and places an order on behalf of the customer, redeems reward points for goods or services, steals gift cards, and sells attacked accounts to other cybercriminals.

\n

Not just the victimized customer, but ATO can cause severe damage to the overall customer experience in the retail and e-commerce industry.

\n

The LoginRadius identity platform protects customers and retailers from attacks such as social engineering, password spraying, credential stuffing, phishing, brute force, and session hijacking.

\n

Account Security Best Practices

\n

For any retailer, account management, verification, and password management is a huge deal. But when it comes to relying on an identity management provider platform, account management seems tricky and often falls short of expectations.

\n

\n \n \n

\n

LoginRadius offers the following security benefits in the e-commerce spectrum.

\n\n

Conclusion

\n

Security and seamless customer experience in the retail and e-commerce industry are the major brand differentiators. 

\n

But, there is no magic formula for mastering security. So, if you are not careful, you can lose your customers' trust. Plan and give your shoppers a hassle-free experience with your brand, every time.

\n

\n \n \n

\n","frontmatter":{"date":"April 08, 2020","updated_date":null,"description":"As the retail and e-commerce industry enters the modern digitalization age, a giant leap forward has been made by consumer experience when engaging with a brand. In reality, it has moved goods and services into the overall shopping experience as a secondary entity. For customers, they are no longer the motivating impetus to approach a store.","title":"How LoginRadius Help Retail and E-commerce Industry to Manage Customer Identities","tags":["ciam solution","compliance","cx"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/67aa7da9a7d511d6602570357b94e8a3/33aa5/retail-ecommerce.jpg","srcSet":"/static/67aa7da9a7d511d6602570357b94e8a3/f836f/retail-ecommerce.jpg 200w,\n/static/67aa7da9a7d511d6602570357b94e8a3/2244e/retail-ecommerce.jpg 400w,\n/static/67aa7da9a7d511d6602570357b94e8a3/33aa5/retail-ecommerce.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},{"node":{"excerpt":"Companies are investing heavily in omnichannel customer experiences lately. But why are they doing so? Well, the answer is simple. Today…","fields":{"slug":"/growth/omnichannel-customer-experience/"},"html":"

Companies are investing heavily in omnichannel customer experiences lately. But why are they doing so?

\n

Well, the answer is simple.

\n

Today, customers expect a seamless and consistent interaction across major communication touchpoints.

\n

Creating separate web, mobile, and social media experiences are no longer effective. Today, businesses are integrating marketing, support, and sales channels as part of one big omnichannel experience instead.

\n

But then,  pulling this off can be quite expensive. 

\n

Firstly, brands need to understand what omnichannel customer experience is, how it should function, and why companies are investing in them.

\n

Defining the omnichannel customer experience

\n

An omnichannel customer experience is a multifold approach to advertising, selling, and supporting customers across multiple marketing touchpoints. 

\n

This means a customer could be shopping from his desktop, mobile phone, or offline store and still enjoy a seamless buying experience

\n

Let's explain this further.

\n

Here's what the journey of a customer will look like in the omnichannel world when he wishes to buy a smart TV.

\n\n

This is how customers interact with brands today. They don't mind going all out. Customers are okay with venturing both online and offline, prior, during, and post their purchase journey. 

\n

All-in-all, a brand that advocates the omnichannel customer experience module should ensure that the customer's journey is seamless, especially while switching between different physical and digital channels.

\n

That being said, the following are a few industry figures that will highlight the importance of omnichannel customer experiences in the new world.

\n

\n \n \n

\n

Omnichannel customer experience statistics

\n\n

The Growing Popularity of Omnichannel Customer Experience

\n

The omnichannel approach to the customer experience is here to stay. And with the growing popularity, it is all set to emerge as a game-changer. 

\n

While the obvious benefit includes producing a consistent customer experience across all channels, omnichannel offers other benefits too.

\n\n

\n \n \n

\n

The Role of LoginRadius in Building an Omnichannel Customer Experience

\n

With LoginRadius' cloud-based customer identity and access management solution, businesses can meet the need of modern customers in a way that is highly scalable, fast, and flexible. 

\n

Along with robust data security, it offers the following capabilities for delivering omnichannel customer experiences to its clients.

\n\n

To learn more about the omnichannel customer experience, here is an infographic created by LoginRadius that describes the customer experience journey in an omnichannel world.

\n

\n \n \n

\n","frontmatter":{"date":"April 01, 2020","updated_date":null,"description":"A multifold approach to advertising, selling, and helping consumers through various marketing touchpoints is an omnichannel consumer experience. To learn more, check out the infographic.","title":"Deliver Exceptional Omnichannel Customer Experience [Infographic]","tags":["omnichannel cx","ciam solution","convenience"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/050ae079d9af1012391d06ecb07d92f1/33aa5/omnichannel-experience.jpg","srcSet":"/static/050ae079d9af1012391d06ecb07d92f1/f836f/omnichannel-experience.jpg 200w,\n/static/050ae079d9af1012391d06ecb07d92f1/2244e/omnichannel-experience.jpg 400w,\n/static/050ae079d9af1012391d06ecb07d92f1/33aa5/omnichannel-experience.jpg 768w","sizes":"(max-width: 768px) 100vw, 768px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},{"node":{"excerpt":"LoginRadius is happy to announce that we have a new logo now.  Yes! We loved the old one, but we decided to upgrade it as part of our ever…","fields":{"slug":"/identity/announcing-new-look-of-loginradius/"},"html":"

LoginRadius is happy to announce that we have a new logo now. 

\n

Yes! We loved the old one, but we decided to upgrade it as part of our ever-evolving branding metrics. After all, progress is impossible without change. 

\n

So, here’s our new look.

\n

\n \n \n

\n

A Final Word

\n

The new logo is an attempt at modernizing our brand and helping it connect more with our customers. 

\n

Amidst the huge chunk of workload that rebranding brings along, we are super thrilled to share this news and would like to take a moment to thank our loyal customer base. Do share your comments about the change.

\n

\n \n

\n \n \n

\n

Step 2: Initialize a node.js project with all the dependencies

\n

First in an empty folder run the below command

\n
npm init
\n

It essentially just creates the package.json file with all the basic information you will provide. after that, we will install all the dependencies needed in our project

\n\n
npm install express ejs axios --save
\n

Step 3: Writing express server code to accept web requests

\n

Create a file index.js in the root folder of your app and add the following code:

\n
// index.js\n\n/*  EXPRESS */\nconst express = require('express');\nconst app = express();\n\napp.set('view engine', 'ejs');\nvar access_token = "";\n\napp.get('/', function(req, res) {\n  res.render('pages/index',{client_id: clientID});\n});\n\nconst port = process.env.PORT || 2400;\napp.listen(port , () => console.log('App listening on port ' + port));
\n

Our web server has been set up, now we will add the code related to sending the OAuth request to GitHub using Axios package, at the bottom of the index.js file:

\n
// index.js\n\n// Import the axios library, to make HTTP requests\nconst axios = require('axios')\n// This is the client ID and client secret that you obtained\n// while registering on github app\nconst clientID = 'xxxxxxxxxxxx'\nconst clientSecret = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxx'\n\n// Declare the callback route\napp.get('/github/callback', (req, res) => {\n\n  // The req.query object has the query params that were sent to this route.\n  const requestToken = req.query.code\n  \n  axios({\n    method: 'post',\n    url: `https://github.com/login/oauth/access_token?client_id=${clientID}&client_secret=${clientSecret}&code=${requestToken}`,\n    // Set the content type header, so that we get the response in JSON\n    headers: {\n         accept: 'application/json'\n    }\n  }).then((response) => {\n    access_token = response.data.access_token\n    res.redirect('/success');\n  })\n})\n\napp.get('/success', function(req, res) {\n\n  axios({\n    method: 'get',\n    url: `https://api.github.com/user`,\n    headers: {\n      Authorization: 'token ' + access_token\n    }\n  }).then((response) => {\n    res.render('pages/success',{ userData: response.data });\n  })\n});
\n

Note: The callback URL should be the same as used in the GitHub app configuration.

\n

Step 4: Creating a Login and Profile page

\n

Create an ejs file under path views/pages/index.js, it will render into a nice looking Github authorization page:

\n
<!-- views/index.ejs -->\n<!doctype html>\n<html>\n<head>\n    <title>Github OAuth</title>\n    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css"> <!-- load bulma css -->\n    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"> <!-- load fontawesome -->\n    <style>\n        body        { padding-top:70px; }\n    </style>\n</head>\n<body>\n<div class="container">\n    <div class="jumbotron text-center text-primary">\n        <h1><span class="fa fa-github"></span> Github OAuth</h1>\n        <p>Authorize your app with:</p>\n        <a href="https://github.com/login/oauth/authorize?client_id=<%= client_id %>" class="btn btn-danger"><span class="fa fa-github"></span> Github Login</a>\n    </div>\n</div>\n</body>\n</html>
\n

After it we will create an ejs file under path views/pages/success.js, it will be used to show the user's GitHub information we will get after authorized by Github

\n
<!-- views/success.ejs -->\n<!doctype html>\n<html>\n  <head>\n    <title>Github OAuth</title>\n    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css"> <!-- load bulma css -->\n    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"> <!-- load fontawesome -->\n      <style>\n          body        { padding-top:70px; }\n      </style>\n  </head>\n  <body>\n    <div class="container">\n      <div class="jumbotron">\n          <h1 class="text-primary  text-center"><span class="fa fa-github"></span> Github Information</h1>\n          <div class="row">\n            <div class="col-sm-6">\n              <div class="well">\n                <p>\n                  <strong>Name</strong>: <%= userData.name %><br>\n                  <strong>Username</strong>: <%= userData.login %><br>\n                    <strong>Company</strong>: <%= userData.company %><br>\n                    <strong>Bio</strong>: <%= userData.bio %>\n                </p>\n              </div>\n            </div>\n        </div>\n      </div>\n    </div>\n  </body>\n</html>
\n

Note: Here we are also using bootstrap and font-awesome css to make our web pages look good.

\n

We have finished building our OAuth authorization page, let's run the application by below command

\n
node index.js
\n

Once our server is running, we can see our social login page on http://localhost:2400/

\n

\n \n \n

\n

We need to click on the Github Login button, which will redirect us to google login page.

\n

\n \n

\n \n \n

\n

You can implement the OAuth in Node.js by the above process, You can found the complete code used in this tutorial on out

\n

Github Repo

\n","frontmatter":{"date":"March 22, 2020","updated_date":null,"description":null,"title":"OAuth implementation with Node.js and Github","tags":["Oauth","NodeJs"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.9047619047619047,"src":"/static/98393e86e2e011f2e7a9c0b5984471ca/ee604/oauth.png","srcSet":"/static/98393e86e2e011f2e7a9c0b5984471ca/69585/oauth.png 200w,\n/static/98393e86e2e011f2e7a9c0b5984471ca/497c6/oauth.png 400w,\n/static/98393e86e2e011f2e7a9c0b5984471ca/ee604/oauth.png 800w,\n/static/98393e86e2e011f2e7a9c0b5984471ca/f3583/oauth.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Puneet Singh","github":"puneetsingh24","avatar":null}}}},{"node":{"excerpt":"In this blog, we’ll be implementing authentication with JWT in a NodeJS web application. For this, we’ll be using jsonwebtoken package…","fields":{"slug":"/engineering/nodejs-and-mongodb-application-authentication-by-jwt/"},"html":"

In this blog, we’ll be implementing authentication with JWT in a NodeJS web application. For this, we’ll be using jsonwebtoken package

\n

What is JWT?

\n

JWT(JSON Web Token) is a token format. It is digitally-signed, self-contained, and compact. It provides a convenient mechanism for transferring data. JWT is not inherently secure, but the use of JWT can ensure the authenticity of the message so long as the signature is verified and the integrity of the payload can be guaranteed. JWT is often used for stateless authentication in simple use cases involving non-complex systems.

\n

Here's an example of JWT:

\n
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im9sYXR1bmRlZ2FydWJhQGdtYWlsLmNvbSIsIm
\n

Now, let's authenticate/protect some routes.

\n

Pre-requisites:

\n\n

you can install all required packages by using following command:

\n
npm install express mongoose bcrypt  --save
\n

Step 1. First, create a directory structure as below :

\n

JWTApp

\n
-api\n--models\n----userModel.js\n--controllers\n----userController.js\n--route\n----userRoute.js\n--server.js
\n

Step 2. Install “jsonwebtoken” packageby using following command

\n
 npm install jsonwebtoken -- save
\n

Step 3. Create the user model

\n

In the api/models folder, create a file called user userModel.js by running touch api/models/userModel.js.

\n

In this file, create a mongoose schema with the following properties:

\n\n

Add the following code

\n
'use strict';\n\nvar mongoose = require('mongoose'),\n  bcrypt = require('bcrypt'),\n  Schema = mongoose.Schema;\n\n/**\n * User Schema\n */\nvar UserSchema = new Schema({\n  fullName: {\n    type: String,\n    trim: true,\n    required: true\n  },\n  email: {\n    type: String,\n    unique: true,\n    lowercase: true,\n    trim: true,\n    required: true\n  },\n  hash_password: {\n    type: String\n  },\n  created: {\n    type: Date,\n    default: Date.now\n  }\n});\n\nUserSchema.methods.comparePassword = function(password) {\n  return bcrypt.compareSync(password, this.hash_password);\n};\n\nmongoose.model('User', UserSchema);
\n

Step 4. Create the user handlers

\n

In the api/controllers folder, create a file called user userController.js by running touch api/controllers/userController.js

\n

In the userController file, create three different handlers to handle by using the following code

\n
'use strict';\n\nvar mongoose = require('mongoose'),\n  jwt = require('jsonwebtoken'),\n  bcrypt = require('bcrypt'),\n  User = mongoose.model('User');\n\nexports.register = function(req, res) {\n  var newUser = new User(req.body);\n  newUser.hash_password = bcrypt.hashSync(req.body.password, 10);\n  newUser.save(function(err, user) {\n    if (err) {\n      return res.status(400).send({\n        message: err\n      });\n    } else {\n      user.hash_password = undefined;\n      return res.json(user);\n    }\n  });\n};\n\nexports.sign_in = function(req, res) {\n  User.findOne({\n    email: req.body.email\n  }, function(err, user) {\n    if (err) throw err;\n    if (!user || !user.comparePassword(req.body.password)) {\n      return res.status(401).json({ message: 'Authentication failed. Invalid user or password.' });\n    }\n    return res.json({ token: jwt.sign({ email: user.email, fullName: user.fullName, _id: user._id }, 'RESTFULAPIs') });\n  });\n};\n\nexports.loginRequired = function(req, res, next) {\n  if (req.user) {\n    next();\n  } else {\n\n    return res.status(401).json({ message: 'Unauthorized user!!' });\n  }\n};\nexports.profile = function(req, res, next) {\n  if (req.user) {\n    res.send(req.user);\n    next();\n  } \n  else {\n   return res.status(401).json({ message: 'Invalid token' });\n  }\n};
\n

Note: A hash password was saved in the database using bcrypt.

\n

Step 6. In the api/route folder, create a file called user userRoute.js and add the following code:

\n
'use strict';\nmodule.exports = function(app) {\n    var userHandlers = require('../controllers/userController.js');\n    // todoList Routes\n    app.route('/tasks')\n        .post(userHandlers.loginRequired, userHandlers.profile);\n    app.route('/auth/register')\n        .post(userHandlers.register);\n   app.route('/auth/sign_in')\n        .post(userHandlers.sign_in);\n};
\n

Step 7. Add the following code in server.js

\n
'use strict';\n\nvar express = require('express'),\n  app = express(),\n  port = process.env.PORT || 3000,\n\n\n  User = require('./api/models/userModel'),\n  bodyParser = require('body-parser'),\n  jsonwebtoken = require("jsonwebtoken");\n\nconst mongoose = require('mongoose');\nconst option = {\n    socketTimeoutMS: 30000,\n    keepAlive: true,\n    reconnectTries: 30000\n};\n\nconst mongoURI = process.env.MONGODB_URI;\nmongoose.connect('mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb', option).then(function(){\n    //connected successfully\n}, function(err) {\n    //err handle\n});\n\napp.use(bodyParser.urlencoded({ extended: true }));\napp.use(bodyParser.json());\n\napp.use(function(req, res, next) {\n  if (req.headers && req.headers.authorization && req.headers.authorization.split(' ')[0] === 'JWT') {\n    jsonwebtoken.verify(req.headers.authorization.split(' ')[1], 'RESTFULAPIs', function(err, decode) {\n      if (err) req.user = undefined;\n      req.user = decode;\n      next();\n    });\n  } else {\n    req.user = undefined;\n    next();\n  }\n});\nvar routes = require('./api/routes/userRoutes');\nroutes(app);\n\napp.use(function(req, res) {\n  res.status(404).send({ url: req.originalUrl + ' not found' })\n});\n\napp.listen(port);\n\nconsole.log(' RESTful API server started on: ' + port);\n\nmodule.exports = app;
\n

Step 9. Now you just need to run the project by using the following command and try logging by using the JWT.

\n
npm start
\n

Step 10. Open Postman and create a post request to localhost:3000/auth/register as below:

\n

\n \n \n

\n

Under the value, add JWT and the token with a space between, like so:

\n
JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im9sYXR1bmRlZ2FydWJhQGdtYWlsLmNvbSIsImZ1bGxOYW1lIjoiT2xhdHVuZGUgR2FydWJhIiwiX2lkIjoiNThmMjYzNDdiMTY1YzUxODM1NDMxYTNkIiwiaWF0IjoxNDkyMjgwMTk4fQ.VcMpybz08cB5PsrMSr25En4_EwCGWZVFgciO4M-3ENE
\n

Step 11. Then, enter the parameters for the key and value for fetching the profile. You want to create as shown below and send:

\n

\n \n \n

\n

As we have seen it is fairly easy to build a JWT authentication system with NodeJS, You can found the complete code used in this tutorial here.

\n

Note : You can decode or verify your JWT token details with this tool

\n","frontmatter":{"date":"March 20, 2020","updated_date":null,"description":null,"title":"NodeJS and MongoDB application authentication by JWT","tags":["NodeJs","JWT","MongoDB","Authentication","JSON Web Token"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.6666666666666667,"src":"/static/dbea56d68d6c702835ba66ef864dbdd2/46604/jwt.png","srcSet":"/static/dbea56d68d6c702835ba66ef864dbdd2/69585/jwt.png 200w,\n/static/dbea56d68d6c702835ba66ef864dbdd2/497c6/jwt.png 400w,\n/static/dbea56d68d6c702835ba66ef864dbdd2/46604/jwt.png 500w","sizes":"(max-width: 500px) 100vw, 500px"}}},"author":{"id":"Ashish Sharma","github":"ashish8947","avatar":null}}}}]},"markdownRemark":{"excerpt":"Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards…","fields":{"slug":"/identity/developer-first-identity-provider-loginradius/"},"html":"

Identity is evolving, and developers are at the forefront of this transformation. Every day brings a new learning—adapting to new standards and refining approaches to building secure, seamless experiences.

\n

We’re here to support developers on that journey. We know how important simplicity, efficiency, and well-structured documentation are when working with identity and access management solutions. That’s why we’ve redesigned the LoginRadius website—to be faster, more intuitive, and developer-first in every way.

\n

The goal? Having them spend less time searching and more time building.

\n

What’s New and Improved on the LoginRadius Website?

\n

LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve spent the last few months redesigning our interface— making navigation more intuitive and reassuring that essential resources are easily accessible.

\n

Here’s a closer look at what’s new and why it’s important:

\n

A Developer-Friendly Dark Theme

\n

\"This

\n

Developers spend long hours working in dark-themed IDEs and terminals, so we’ve designed the LoginRadius experience to be developer-friendly and align with that preference.

\n

The new dark mode reduces eye strain, enhances readability, and provides a seamless transition between a coding environment and our platform. Our new design features a clean, modern aesthetic with a consistent color scheme and Barlow typography, ensuring better readability. High-quality graphics and icons are thoughtfully placed to enhance the content without adding visual clutter.

\n

So, whether you’re navigating our API docs or configuring authentication into your system, our improved interface will make those extended development hours more comfortable and efficient.

\n

Clear Categorization for LoginRadius Capabilities

\n

\"This

\n

We’ve restructured our website to provide a straightforward breakdown of our customer identity and access management platform capabilities, helping you quickly find what you need:

\n\n

This structured layout ensures you can quickly understand each capability and how it integrates into your identity ecosystem.

\n

Developer-First Navigation

\n

\"This

\n

We’ve been analyzing developer workflows to identify how you access key resources. That’s why we redesigned our navigation with one goal in mind: to reduce clicks and make essential resources readily available.

\n

The new LoginRadius structure puts APIs, SDKs, and integration guides right at the menu bar under the Developers dropdown so you can get started faster. Our Products, Solutions, and Customer Services are also clearly categorized, helping development teams quickly find the right tools and make informed decisions.

\n

Quick Understanding of Integration Benefits

\n

\"This

\n

Developers now have a clear view of the tech stack available with LoginRadius, designed to support diverse business needs.

\n

Our platform offers pre-built SDKs for Node.js, Python, Java, and more, making CIAM integration seamless across popular programming languages and frameworks.

\n

Over to You Now!

\n

Check out our revamped LoginRadius website and see how the improved experience makes it easier to build, scale, and secure your applications.

\n

Do not forget to explore the improved navigation and API documentation, and get started with our free trial today. We’re excited to see what you’ll build with LoginRadius!

\n","frontmatter":{"date":"February 21, 2025","updated_date":null,"description":"LoginRadius’ vision is to give developers a product that simplifies identity management so they can focus on building, deploying, and scaling their applications. To enhance this experience, we’ve redesigned our website interface, making navigation more intuitive and reassuring that essential resources are easily accessible.","title":"Revamped & Ready: Introducing the New Developer-First LoginRadius Website","tags":["Developer tools","API","Identity Management","User Authentication"],"pinned":true,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7857142857142858,"src":"/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp","srcSet":"/static/80b4e4fbe176a10a327d273504607f32/61e93/hero-section.webp 200w,\n/static/80b4e4fbe176a10a327d273504607f32/1f5c5/hero-section.webp 400w,\n/static/80b4e4fbe176a10a327d273504607f32/58556/hero-section.webp 800w,\n/static/80b4e4fbe176a10a327d273504607f32/99238/hero-section.webp 1200w,\n/static/80b4e4fbe176a10a327d273504607f32/7c22d/hero-section.webp 1600w,\n/static/80b4e4fbe176a10a327d273504607f32/1258b/hero-section.webp 2732w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rakesh Soni","github":"oyesoni","avatar":"rakesh-soni.jpg"}}}},"pageContext":{"limit":6,"skip":792,"currentPage":133,"type":"///","numPages":161,"pinned":"ee8a4479-3471-53b1-bf62-d0d8dc3faaeb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}